By defining NO_TAINT_SUPPORT, all the various checks that perl does for
tainting become no-ops. It's not an entirely complete change: it doesn't
attempt to remove the taint-related interpreter variables, but instead
virtually eliminates access to them.

Why, you ask? Because it appears to speed up perl's run-time
significantly by avoiding various "are we running under taint" checks
and the like.

This change is not in a state to go into blead yet. The actual way I
implemented it might raise some (valid) objections. Basically, I
replaced all uses of the global taint variables (but not PL_taint_warn!)
with an extra layer of get/set macros (TAINT_get/TAINTING_get).
Furthermore, the change is not complete:

- PL_taint_warn would likely deserve the same treatment.
- Obviously, tests fail. We have tests for -t/-T.
- Right now, I added a Perl warn() on startup when -t/-T are detected
but the perl was not compiled to support it. It might be argued that it
should be silently ignored! Needs some thinking.
- Code quality concerns - needs review.
- Configure support required.
- Needs thinking: How does this tie in with CPAN XS modules that use
PL_taint and friends? It's easy to backport the new macros via PPPort,
but that doesn't magically change all code out there. Might be
harmless, though, because whenever you're running under
NO_TAINT_SUPPORT, any check of PL_taint/etc is going to come up false.
Thus, the only CPAN code that SHOULD be adversely affected is code
that changes taint state.

When opslab_force_free is called, the CV still has a reference count
on the slab. In fact, we don’t even bother lowering it if all goes
well, but simply free the slab with the reference count set to 1.
So the paranoid code that increments the reference count before free-
ing an op is not necessary. Also, the shortcut out of the loop
was never triggered, as it was checking for a reference count of 0,
rather than 1.

When a CV is freed prematurely, it cleans up its op slab. But
SAVEFREEOP may cause the savestack to point to an op in that slab
after the CV has been freed, so SAVEFREEOP is allowed to coun-
termand the freeing of the slab. Every op that is not on the
savestack is freed.

The reference count of the slab was being left off by one. The result
was that when the stack unwinding freed the op, it would leave the
slab behind and leak it.

Normally if there is a syntax error yyerror just records it and pars-
ing continues anyway. If there are too many syntax errors, it croaks.

It just happened that if it croaked when encountering invalid flags
for quote-like operators it would leak the buffer containing the pat-
tern (and the substitution for s///).

Since those are stored in the parser struct and are set to null when-
ever something else takes ownership of the SV, these struct members
will only ever be non-null in parser_free when they have leaked. So
we can free them there. (I.e., these slots have always been refer-
ence-counted, so treat them that way.)

threads::shared has to juggle multiple interpreters. Sometimes the
interpreter it is calling into (and passing as the first argument
via pTHX) is not actually the current thread as far as the OS is
concerned.

Perl_safesysfree in util.c does not take a pTHX parameter, so it
fetches the current interpreter from the data associated with the cur-
rent thread.

The result is that PERL_TRACK_MEMPOOL complains that the file name
associated with an SV under DEBUG_LEAKING_SCALARS is being freed from
the wrong interpreter.

[INTERNALS]
- formatting of CGI::Carp documentation was improved. Thanks to benkasminbullock.
- un-TODO some tests in t/tmpdir.t that were passing in most cases.
More on this:
https://github.com/markstos/CGI.pm/issues/19#
https://github.com/markstos/CGI.pm/commit/cc73dc9807b0fabb56b3cdf1a9726588b2eda0f7

This routine by its very nature applies to the whole process so
there is no way it can make use of a thread context, and it may need
to be called from places where there is no thread context, such
as very early in start-up.

It's not documented, was never intended to be part of the API, was
only made global so it could be called from doio.c, and no uses of
it turn up in a CPAN grep, so the change should be safe.

The sub is successfully taking care of its ops when it is freed. The
eval is not.

I made the mistake of having the CV relinquish ownership of the op
slab after an eval syntax error. That’s precisely the situation in
which the ops are likely to leak, and for which the slab allocator was
designed. Duh.

If the $byte_overload scalar happens to have the flag on from last
time, but string overloading will turn the flag off, then pp_concat
gets confused as to whether it is dealing with bytes or utf8. It
sees both sides as having the same utf8ness, so it concatenates,
which stringifies the lhs and turns off the flag. The utf8 sequences
appended end up with no utf8 flag associated with them, the observable
effect being that the rhs is encoded as utf8.

If it weren’t for encoding.pm, we could use sv_catpvn_nomg_maybeutf8
and avoid determining the utf8ness of the lhs beforehand. But see-
ing that encoding.pm still exists, we have to prevent double overload
stringification the other way, by force-stringification of the target.

To compile the blocks in $x without recompiling the blocks directly
inside /.../, the regexp compiler blanks out the ‘outer’ blocks with
spaces, and compiles qr'a++ +(?{})'x. But /x can see through
those spaces, resulting in a change in behaviour. So use under-
scores instead.

When a run-time regular expression has code blocks in it,
those are compiled separately inside their own qr thingy (see
S_compile_runtime_code in regcomp.c).

In re_op_compile, the newly-compiled code blocks are stored in
pRExC_state->code_blocks, which is a mallocked array. That array also
holds reference counts on the regular expressions from which the code
blocks derive their existence. When the whole regular expression is
compiled, the code blocks are fetched from that array, and the new
regular expression ends up holding a reference count on those code
blocks’ originating regular expressions.

The reference counts that pRExC_state->code_blocks had were not low-
ered when pRExC_state->code_blocks was freed, except for qr/stuff$var/
(because the qr// would take ownership of those reference counts,
which would be lowered when the outer qr// itself was freed).

These functions are only used when the native sockets functions are not
available, e.g. when building miniperl on Windows following
commit 19253ae62c, so gcc's warning about ignoring the __malloc__
attribute here is not normally seen.

The addition of "a" to these functions in embed.fnc by
commit f54cb97a39 was presumably wrong since none of them actually
allocate any memory (nor did so at the time), so change it to just "R"
(which is implied by the "a" and is still appropriate).

Slim down the image and speed up start up time for Win32 miniperl by
removing Winsock. Also if the build process on Win32 in the future
requires sockets, commenting one line in win32.h will turn sockets back on
for miniperl, but this time with delay loading on VC Perl. The only casualty
of no sockets for Win32 miniperl was figuring out the computer's name in
win32/config_sh.PL. A workaround by using an ENV var was implemented. The
purpose of this commit is to speed up the build process of Perl.

As said in the comment in win32.h, the WIN32_NO_SOCKETS macro is
incomplete in implementation. It has only removed winsock from being linked
in in miniperl, not full Perl. PERL_IMPLICIT_SYS (specifically PerlSock in
win32/perlhost.h) and makedef.pl's hard coded list of win32_* function
exports cause winsock to still be linked in even with
WIN32_NO_SOCKETS on full perl. Both PERL_IMPLICIT_SYS (win32/perlhost.h)
and makedef.pl would require changes to remove winsock from being linked
in on full perl in the future.

These assorted static allocated variables were in RW memory in the perl
image. Move them to RO memory so they are sharable between different
Perl processes by the OS. The lack of consting in Win32 Dynaloader traces
to commit 0a753a76406 . S_Internals_V traces to commit 4a5df386486 .

Since the xpvlv and regexp structs conflict, we have to find somewhere
else to put the regexp struct.

I was going to sneak it in SvPVX, allocating a buffer large
enough to fit the regexp struct followed by the string, and have
SvPVX - sizeof(regexp) point to the struct. But that would make all
regexp flag-checking macros fatter, and those are used in hot code.

So I came up with another method. Regexp stringification is not
speed-critical. So we can move the regexp stringification out of
re->sv_u and put it in the regexp struct. Then the regexp struct
itself can be pointed to by re->sv_u. So SVt_REGEXPs will have
re->sv_any and re->sv_u pointing to the same spot. PVLVs can then
have sv->sv_any point to the xpvlv body as usual, but have sv->sv_u
point to a regexp struct. All regexp member access can go through
sv_u instead of sv_any, which will be no slower than before.

Regular expressions will no longer be SvPOK, so we give sv_2pv spec-
ial logic for regexps. We don’t need to make the regexp struct
larger, as SvLEN is currently always 0 iff mother_re is set. So we
can replace the SvLEN field with the pv.

SvFAKE is never used without SvPOK or SvSCREAM also set. So we can
use that to identify regexps.

When a regexp is unregexped, a new SV (temp) is created, so it
can swap bodies with the regular expression (sv), and then temp
can be freed.

If SvLEN is 0, then a scalar does not own its string buffer. Copied
regexps use that mechanism to share strings; only the original regexp
owns the string.

This little bit of code for handling the SvPVX field is strange:

    /* Remember that SvPVX is in the head, not the body. */
    if (SvLEN(temp)) {
        SvLEN_set(temp, SvLEN(sv));
        /* This signals "buffer is owned by someone else" in sv_clear,
           which is the least effort way to stop it freeing the buffer.
        */
        SvLEN_set(sv, SvLEN(sv)+1);
    } else {
        /* Their buffer is already owned by someone else. */
        SvPVX(sv) = savepvn(SvPVX(sv), SvCUR(sv));
        SvLEN_set(temp, SvCUR(sv)+1);
    }

Checking SvLEN(temp) is pointless if we have just created temp. That
check is always false. Presumably it was meant to be SvLEN(sv). But
the original regexp scalar (i.e., not a copy) can never make it to
this function. So SvLEN(sv) is always 0, which is why this has
not caused any problem. The SvLEN_set inside the apodosis is also
strange. ‘This signals "buffer is owned by someone else"’. No it
certainly does not! It is not setting SvLEN to 0, but definitely to
non-zero. I can only assume this is a copy-and-paste error, which has
never caused a problem because it is unreachable.

The dump shows that both $y’s share the same string buffer, and nei-
ther claims ownership to it.

I have not been able to make this crash or reuse the string for some-
thing else, but still this is walking a fine line. Theoretically, it
should be possible for that string to be freed and reused in the par-
ent thread while the child thread is still using it.

Instead of pointing mother_re to the rhs of the assignment, point it
to the original re from which the rhs derives its existence. I.e.,
copy the mother_re field.

newSVpvn_flags is capable of mortalizing already, use that, is_utf8 is used
only once, waste of an auto var stack slot to calculate it so early,
instead create the flags arg to newSVpvn_flags at the point of usage.
flags param of yyerror_pvn will always be on the C stack.

The previous commit made it possible to nummify a string whose SvLEN
is 0. So we don’t need to run shared hash key scalars through
sv_force_normal before nummifying them. We still need to run COW sca-
lars through sv_force_normal under PERL_OLD_COPY_ON_WRITE, as it uses
the IVX field for COW bookkeeping. For simplicity’s sake, I’m not
bothering to distinguish shared hash keys scalars from other COW sca-
lars under PERL_OLD_COPY_ON_WRITE.

There are various SvPOKp(sv) && SvLEN(sv) checks in numeric
conversion routines in sv.c, which date back to perl 1. (See
<http://perl5.git.perl.org/perl.git/blob/8d063cd8450e59e:/str.c#l89>.)
Back then it did not matter, as str->len (later SvLEN) was always set
when there was a PV. It was not until perl 5.003_01 (1edc1566d5) that
we got the SvLEN==0 mechanism for PVs not owned by the scalar. (I
don’t believe it was actually used till later, so when this became a
problem I don’t know--but that’s enough digging.)

A regexp returned by ${qr//} is POK but does not own its string. This
means that nummifying a regexp will result in an uninitialized warning.

The SvLEN check is redundant and problematic, so I am removing it.
(This also means I can remove the sv_force_normal calls in the next
commit, since shared hash key scalars, which also have SvLEN==0 will
no longer need it to pass the SvLEN checks.)

This does mean, however, that SVt_REGEXP can reach code paths that
expect to be able to use Sv[IN]VX (not valid for regexps), so I actu-
ally have to check that the type != SVt_REGEXP as well. We already
have code for handling fbm scalars (for which Sv[IN]VX fields are also
unusable), so we can send regexps through those paths.

Commit b9ad13acb set SvSTASH to null after copying the regexp struct.
Commit 703c388dc did the same with SvMAGIC. In both cases, this was
to avoid bugs involving magic and blessings being copied by = which
should not happen. But both changes caused other bugs.

Three months later, 6e1287864cd changed the order of the struct, such
that SvMAGIC and SvSTASH are no longer copied from the parent regexp,
rendering the aforementioned changes no longer necessary.

Commit b9ad13acb3 caused case SVt_REGEXP in sv_upgrade to fall
through to the assertions under case SVt_PVIV that are not relevant to
SVt_REGEXP.

We should really be setting the FAKE flag when actually making a sca-
lar a regexp, rather than in sv_upgrade. (I will probably need it
there in future commits, too, since it really should be possible for
SVt_PVLVs to hold regular expressions.)

This was added to make SvREADONLY_off safe. (I think read-only is
turned off during magic so the magic scalar itself can be set without
the sv_set* functions getting upset.) Since SvREADONLY doesn’t mean
read-only for COWs, we don’t actually need to do sv_force_normal, but
can simply skip SvREADONLY_off for COWs.

By leaving it to sv_set* functions to do sv_force_normal, we avoid
having to copy the string buffer if it is just going to be thrown away
anyway. S_save_magic can’t know whether the scalar will actually be
overwritten, so it has to copy the buffer.

This was brought up in
<https://rt.perl.org/rt3/Ticket/Display.html?id=114820#txn-1165898>.

There is no reason we cannot assign a shared hash key to a magical
scalar. The only destination flag in CAN_COW_MASK that makes COW
assignment questionable is SVf_BREAK. If such an assignment can hap-
pen (and I don’t believe it actually can), we will end up with unbal-
anced string table warnings. So change the CAN_COW_MASK check to an
SVf_BREAK check.

These lists are declared at file scope so will be global unless
made static. Actual use of these lists is via the various PL_xxx
global variables that point to them and that (except for
NonL1_Perl_Non_Final_Folds_invlist) are initialized in
Perl_re_op_compile in regcomp.c (but not in its incarnation as
ext/re/re_comp.c).

So change the lists to be static, and also skip declaring and
initializing them in ext/re/re_comp.c except for the one case that
is actually used in the extension version.

The previous commit moved all B::*OP methods capable of using direct field
offsets into next(). This commit moves the remaining B::*OP methods onto
it too (apart from oplist(), which returns a list rather than a single
item).

This simplifies the code, reduces the object size, and will also make it
easier to add an overlay facility, which will be coming soon.

The code for B::OP::next() actually implements all B::*OP::* methods
that work by directly returning a field at a known offset in the OP
structure. Methods that can't do direct access usually have their own
body, rather than sharing with next().

However, whether a method can do direct field access is often dependent on
threading and/or perl version; so the same method is sometimes implemented
by next(), and sometimes by one or more individual method bodies. This is
all very confusing.

This commit takes all methods that *may* be implemented within next(),
and makes them always implemented by next(), using a table of data that
describes each method's offset, or -1 if it needs special handling.

This makes it a lot easier to see what's going on, and will also make it
easier to add an overlay facility, which will be coming soon.

The following commit will consolidate the remaining B::*OP methods within
next().

The modules and tests under ext/B are notionally supposed to be
portable to older perl versions; in practice, extensive bit-rot
has occurred; often attempts have been made to add version-specific
code, which haven't actually been tested against older perl versions.

This commit does the minimum necessary to get the tests under ext/B
working with 5.16.0 and 5.16.1, threaded and unthreaded. It makes no
assertions as to whether it will work with the rest of the 5.16.x test
suite.

The side effects of this fix-up are:

* a facility has been added to OptreeCheck.pm (the test module that
checks the Concise output of various constructs) that allows
version-specific matching, e.g.:

* OptreeCheck.pm's skip mechanism was found to be broken: checkOptree()
allows you to specify skipping, but only skipped one test, even though
a single call to checkOptree() could generate multiple lines of test
output.

improve diagnostics of dbm_filter_util.pl by using Data::Dumper::qquote

We are testing things like packed strings. If we output the bytes raw
via diag we upset terminal layers expecting utf8, and generally output
unreadable garbage regardless. So use Data::Dumper::qquote() to
preprocess diagnostics output.

Under the filtering rules in place undef() and "" and 0 map to a
packed representation of 0.

In the StoreData call we pass in an anonymous perl (untied) hash
containing an "undef" key (which is actually treated as "") with a
value of undef(), along with a key 0 with a value of 1. This hash
will store both values as distinct key/value pairs.

When this hash is used to set up the *tied* %h1 hash both the "" key
and the 0 key will be converted into the same packed value "\0\0\0\0",
which means that whichever is last in the each() of the input hashref
will be the one stored in %h1.

This means the test breaks if we change the PL_hash_seed or the hash
implementation in such a way that "" comes before 0 in the keys of
the hash.

This patch changes the input test hash to verify that undef() => 1 is
treated the same as 0 => 1, and eliminates the potential key collision.
The reason this test was reliable in the wild is that pretty well all
perls use a 0 hash seed and the same hash function.

When two keys collide and have to be stored in the same bucket the
order in which they are inserted into the hash will govern the order
in which they are fetched out by things like keys() and values().

This means that a copy of such a hash may be different. It is possible
this can be fixed with a low cost, but until then you cannot rely on
two hashes with the same keys having the same ordering of those keys.

Depending on the hash algorithm and the seed values used this test
would fail. By changing it so there is one initial hash and then all
tests are done on copies of that hash we avoid the problem.

obslab and the removal of the op_latefree logic, which allowed static
ops, removed support for the compiler modules, which allocate ops statically.
Add an op_static flag to replace the old latefree(d) op_free logic.

Most perls are built with PERL_MALLOC_WRAP. This causes MEM_WRAP_CHECK
macro to perform some checks on the requested allocation size in macro
Newx. The checks are performed at the caller, not in the callee (for me
on Win32 perl the callee in Newx is Perl_safesysmalloc) of Newx.
If the check fails a "Perl_croak_nocontext("%s",PL_memory_wrap)" is done.
In x86 machine code,
"if(bad_alloc) Perl_croak_nocontext("%s",PL_memory_wrap);" will be written
as "cond jmp ahead ~15 bytes", "push const pointer", "push const pointer",
"call const pointer". For each Newx where the allocation amount was not a
constant (constant folding would remove the croak memory wrap branch
completely), the branch takes 15-19 bytes depending on x86 compiler. There
are about 80 Newx'es in the interp (win32 dynamic linking perl) that do
the memory wrap check and have a
"Perl_croak_nocontext("%s",PL_memory_wrap)" in them after all optimizations
by the compiler.

This patch reduces the memory wrap branch from 15-19 to
5 bytes on x86. Since croak_memory_wrap is a static and a noreturn, a
compiler with IPO may optimize the whole branch to "cond jmp 32 bits
relative" at each callsite. A less optimal compiler may do "cond jmp 8 bits
relative (jump past the "call S_croak_memory_wrap" instruction),
then "call S_croak_memory_wrap". Both ways are better than the current
situation. The reason why croak_memory_wrap is a static and not an export
is that the compiler has more opportunity to optimize/reduce the impact of
the memory wrap branch at the call site if the target is in the same image
rather than in a different image, which would require using the platform
specific dynamic linking mechanism/export table/etc, which often requires
a new stack frame per ABI of the platform. If a dynamic linked XS module
does not use S_croak_memory_wrap it will be removed from the image by the
C compiler. If it is included in the XS image, it is a very small block
of code and a 3 byte string literal. A CPU cache line is typically
32 or 64 bytes and a memory read is typically 16. Cutting the
instructions by 10 to 16 bytes out of "hot code" (10 of the ~80 call
sites are pp_*) is a worthy goal. In a few places the memory wrap croak is
used explicitly, not from a MEM_WRAP_CHECK, this patch converts those to use
the static. If PERL_MALLOC_WRAP is undef, there are still a couple uses of
croak memory wrap, so do not keep S_croak_memory_wrap in a ifdef
PERL_MALLOC_WRAP. Also see
http://www.nntp.perl.org/group/perl.perl5.porters/2012/10/msg194383.html
and [perl #115456].
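
The check described in the message above guards against the element count times the element size wrapping around before it reaches the allocator. The following is an added example, not perl's source: every `demo_`-prefixed name, the message string and the `longjmp`-based unwinding that stands in for croaking are assumptions made for illustration. It shows the caller-side check routed through one shared static non-returning helper, next to the wrapped size an unchecked multiplication would have requested.

```c
#include <setjmp.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#if defined(__GNUC__)
#  define DEMO_NORETURN __attribute__((noreturn))
#else
#  define DEMO_NORETURN
#endif

/* Stand-in for the interpreter's exception unwinding (assumption). */
static jmp_buf demo_croak_env;

/* One shared helper with no arguments: a call site needs only a compare
 * and a jump or call, instead of pushing a format string and a message
 * pointer before every call to a variadic croak function. */
static DEMO_NORETURN void demo_croak_memory_wrap(void)
{
    fputs("memory wrap (demo message)\n", stderr);
    longjmp(demo_croak_env, 1);
}

/* Caller-side check: fires when n * sizeof(type) cannot fit in size_t. */
#define DEMO_MEM_WRAP_CHECK(n, type)                      \
    do {                                                  \
        if ((size_t)(n) > SIZE_MAX / sizeof(type))        \
            demo_croak_memory_wrap();                     \
    } while (0)

/* What an unchecked allocation would ask the allocator for. */
size_t demo_unchecked_bytes_u32(size_t n)
{
    return n * sizeof(uint32_t);   /* unsigned arithmetic wraps silently */
}

/* Allocation with the check performed before the multiplication. */
static uint32_t *demo_newx_u32(size_t n)
{
    DEMO_MEM_WRAP_CHECK(n, uint32_t);
    return malloc(n * sizeof(uint32_t));
}

/* Returns 0 if the allocation was attempted, 1 if the wrap check fired. */
int demo_try_alloc_u32(size_t n)
{
    if (setjmp(demo_croak_env) != 0)
        return 1;
    free(demo_newx_u32(n));
    return 0;
}

int main(void)
{
    size_t hostile = SIZE_MAX / 4 + 2;   /* constructed oversized count */

    printf("unchecked request for %zu elements: %zu bytes\n",
           hostile, demo_unchecked_bytes_u32(hostile));
    printf("16 elements      -> %s\n",
           demo_try_alloc_u32(16) ? "croaked" : "allocated");
    printf("oversized count  -> %s\n",
           demo_try_alloc_u32(hostile) ? "croaked" : "allocated");
    return 0;
}
```

Without the check, the oversized count yields a 4-byte request, and any code that then writes the intended number of elements runs off the end of the buffer.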